From: "Alex Bennée" <alex.bennee@linaro.org>
To: qemu-devel@nongnu.org
Cc: fam@euphon.net, "Peter Maydell" <peter.maydell@linaro.org>,
	berrange@redhat.com, "Heinrich Schuchardt" <xypron.glpk@gmx.de>,
	"Ilias Apalodimas" <ilias.apalodimas@linaro.org>,
	f4bug@amsat.org, "Jerome Forissier" <jerome@forissier.org>,
	stefanha@redhat.com, crosa@redhat.com, pbonzini@redhat.com,
	"open list:Virt" <qemu-arm@nongnu.org>,
	"Alex Bennée" <alex.bennee@linaro.org>,
	aurelien@aurel32.net
Subject: [PATCH v1 21/34] hw/arm: add control knob to disable kaslr_seed via DTB
Date: Wed,  5 Jan 2022 13:49:56 +0000
Message-ID: <20220105135009.1584676-22-alex.bennee@linaro.org>
In-Reply-To: <20220105135009.1584676-1-alex.bennee@linaro.org>

Generally a guest needs an external source of randomness to properly
enable things like address space randomisation. However, in a trusted
boot environment where the firmware will cryptographically verify
components, having random data in the DTB will cause verification to
fail. Add a control knob so we can prevent this being added to the
system DTB.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Message-Id: <20211215120926.1696302-1-alex.bennee@linaro.org>
---
 docs/system/arm/virt.rst |  7 +++++++
 include/hw/arm/virt.h    |  1 +
 hw/arm/virt.c            | 32 ++++++++++++++++++++++++++++++--
 3 files changed, 38 insertions(+), 2 deletions(-)

diff --git a/docs/system/arm/virt.rst b/docs/system/arm/virt.rst
index 850787495b..c86a4808df 100644
--- a/docs/system/arm/virt.rst
+++ b/docs/system/arm/virt.rst
@@ -121,6 +121,13 @@ ras
   Set ``on``/``off`` to enable/disable reporting host memory errors to a guest
   using ACPI and guest external abort exceptions. The default is off.
 
+kaslr-dtb-seed
+  Set ``on``/``off`` to pass a random seed via the guest dtb to use for features
+  like address space randomisation. The default is ``on``. You will want
+  to disable it if your trusted boot chain will verify the DTB it is
+  passed. It would be the responsibility of the firmware to come up
+  with a seed and pass it on if it wants to.
+
 Linux guest kernel configuration
 """"""""""""""""""""""""""""""""
 
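Review bot: the new kaslr-dtb-seed entry writes "guest dtb" in its first line and "DTB" three lines later; pick one spelling for the whole entry. The closing sentence ("It would be the responsibility of the firmware ...") is also worded conditionally. State directly that with ``off`` QEMU adds no seed and the guest only receives one if the firmware supplies it, so a reader knows that features relying on the seed, such as address space randomisation, then depend on the firmware.
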
diff --git a/include/hw/arm/virt.h b/include/hw/arm/virt.h
index dc6b66ffc8..acd0665fe7 100644
--- a/include/hw/arm/virt.h
+++ b/include/hw/arm/virt.h
@@ -148,6 +148,7 @@ struct VirtMachineState {
     bool virt;
     bool ras;
     bool mte;
+    bool kaslr_dtb_seed;
     OnOffAuto acpi;
     VirtGICType gic_version;
     VirtIOMMUType iommu;
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 6bce595aba..1781e47c76 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -247,11 +247,15 @@ static void create_fdt(VirtMachineState *vms)
 
     /* /chosen must exist for load_dtb to fill in necessary properties later */
     qemu_fdt_add_subnode(fdt, "/chosen");
-    create_kaslr_seed(ms, "/chosen");
+    if (vms->kaslr_dtb_seed) {
+        create_kaslr_seed(ms, "/chosen");
+    }
 
     if (vms->secure) {
         qemu_fdt_add_subnode(fdt, "/secure-chosen");
-        create_kaslr_seed(ms, "/secure-chosen");
+        if (vms->kaslr_dtb_seed) {
+            create_kaslr_seed(ms, "/secure-chosen");
+        }
     }
 
     /* Clock node, for the benefit of the UART. The kernel device tree
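
Review bot: in create_fdt() the same vms->kaslr_dtb_seed test now guards both the "/chosen" and the "/secure-chosen" calls, so a single knob removes the seed from the secure-world node as well, while the virt.rst entry and the property description only talk about the guest. Either document that "/secure-chosen" is affected too when vms->secure is set, or explain in the commit message why the two nodes never need to be controlled separately.
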
@@ -2235,6 +2239,20 @@ static void virt_set_its(Object *obj, bool value, Error **errp)
     vms->its = value;
 }
 
+static bool virt_get_kaslr_dtb_seed(Object *obj, Error **errp)
+{
+    VirtMachineState *vms = VIRT_MACHINE(obj);
+
+    return vms->kaslr_dtb_seed;
+}
+
+static void virt_set_kaslr_dtb_seed(Object *obj, bool value, Error **errp)
+{
+    VirtMachineState *vms = VIRT_MACHINE(obj);
+
+    vms->kaslr_dtb_seed = value;
+}
+
 static char *virt_get_oem_id(Object *obj, Error **errp)
 {
     VirtMachineState *vms = VIRT_MACHINE(obj);
@@ -2764,6 +2782,13 @@ static void virt_machine_class_init(ObjectClass *oc, void *data)
                                           "Set on/off to enable/disable "
                                           "ITS instantiation");
 
+    object_class_property_add_bool(oc, "kaslr-dtb-seed",
+                                   virt_get_kaslr_dtb_seed,
+                                   virt_set_kaslr_dtb_seed);
+    object_class_property_set_description(oc, "kaslr-dtb-seed",
+                                          "Set off to disable passing of kaslr "
+                                          "dtb node to guest");
+
     object_class_property_add_str(oc, "x-oem-id",
                                   virt_get_oem_id,
                                   virt_set_oem_id);
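
Review bot: the string passed to object_class_property_set_description() says "kaslr dtb node", but create_fdt() places the seed under the existing "/chosen" and "/secure-chosen" nodes rather than creating a node of its own, and the text does not mention that the default is on. Suggest following the wording of the ITS description just above, for example "Set on/off to enable/disable passing a kaslr-seed via the DTB (default on)".
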
@@ -2828,6 +2853,9 @@ static void virt_instance_init(Object *obj)
     /* MTE is disabled by default.  */
     vms->mte = false;
 
+    /* Supply a kaslr-seed by default */
+    vms->kaslr_dtb_seed = true;
+
     vms->irqmap = a15irqmap;
 
     virt_flash_create(vms);
-- 
2.30.2


